That works! I had tried it that way previously, a few years ago, without luck.
It now seems to work.
Thank you!

@dranick You are probably referring to Cisco open-sourcing Vector Packet Processing (VPP) which is a fundamental part of a Netgate product called TNSR which is a completely different code base from pfSense.

OpenVPN works. Maybe you should concentrate on asking some questions there, watching the OpenVPN hangouts, reading the pfSense book's OpenVPN section, etc.

There is no functional difference in OpenVPN on Community Edition on a VM and factory on an XG-1537.

i had try do that before, now i have upgrade PF 2.4.3 to 2.4.4, but i can't open lan gateway webGUI, i can ping gateway ip and network work, why i can't open webGUI. i need waiting for fix this and then try setup MTU again.

It should see the USB image as bootable if you have UEFI enbabled.
That looks like a regression though. Thanks for reporting.

Steve

I made the change for the zfs arc cache in loader.conf and then rebooted. The memory is back down to normal and no swap usage as expected. Hopefully that will solve it for good. I'll keep an eye on it.

I have walked back some changes but I thought I would now change the ENTIRE hardware platform.

New...

An ASUS Prime A320M-K Motherboard. Together with the 2200 CPU is cheap and it comes with a whisper quit fan and heatsink glue already applied so you just need to be careful screwing the fan to the motherboard - and of course take care inserting the CPU. Not to mention it has VGA which is perfect for a router appliance. Also has serial port, but I don't expect to need it.

So this motherboard has a Realtek ethernet port onboard I also use an Intel 1000 card in a PCI slot for the WAN. BSD/pfsense has booted and installed correctly to my observations.

But why do I still get this message... ?

code ```Sep 6 19:38:24 pfsense kernel: arpresolve: can't allocate llinfo for 99.2xx.xxx.1 on em0

Our network is big and has lots of ip address, such as departments, servers, printers and etc. I would like to have a separator to differentiate them like we do in firewall rules so that I can easily find and see ok from this ip address to that address are for instance accounting department and etc. It would be nice to have it in the next pfSense release.

You're welcome. Just want to also prompt you to go over it once more since I've done several edits.

Generally it should all be very much alike several guides out there for pfSense + Private Internet Access, under the context of forcing specific clients to use the VPN and fail all Internet access if it's down (implement both the VPN tunnel, and the VPN Kill Switch, at the router level).

Good luck!

You could use Captive Portal for that I guess, but most people would use the squid proxy for something like that.

I think the user permissions are probably the wrong tree to be barking up.

@stephenw10
Thank you Stephen.

Ok, Sure.

Lokesh Kamath.

Hi,
Do you know what the process is for installing this manually?

You have a dhcpd running!! Find it... Run dhcpdump or sniff for the traffic.. Pfsense can do a packet capture on its lan and you will see the broadcast traffic..

And your cable modem is on a different layer 2.. Is it not??? Do you have your cable modem connected to your switch? Normally you would set your infrastructure devices to be static IP.

I ended up going with a ebay used dell/hp sff i7 4770 with pcie. It will replace a n54l which is struggling already with pfblockerng (large list), snort (alerts only) etc using 8gb ram out of 16.

I already have dual and quad intel nics ready to go in.

vpn to connect to firewall.

multiple vpn points of presence to accommodate gamers and streamers.

snort and one day suricata.

1/3 the price of a appliance for me and way more powerful, cheap easy to replace.

As that is not a typical deployment, there isn't any way to know that without trying. Probably could be done with minimal RAM (512MB or probably less, but I wouldn't go lower than 256+swap), no reason to skimp on disk space, standard there is ~20GB for a VM. Again, may by able to get by with less but not much reason to these days. Single CPU core would do fine.

Thanks for the responses. I see that I can set a client identifier and/or description when assigning static mapping and that is the kind thing I was looking for. Ideally, I'd be able to do that with any client/MAC address (not just static mappings). It's really convenient for understanding what is active on the network at a glance and I don't want to assign static mappings for everything.

Thanks again!

Hello Steve,

How stupid of me. I changed both to meetingpark and now it all works.
Thanks for your help.

If that all happens through your WAN port, maybe the block bogons option on your WAN interface is getting in the way? I’ve never had to disable that before to hit 100.1, but maybe it’s a “feature” of newer versions of pfSense (I haven’t touched pfSense in almost 2 years)

HI thanks both for your explanation that make more sense now for me.

Effectively it s better to use Split DNS and to add entry for all i just forget this simple solution.

KR